Threat Hunting is a proactive search for threats in an organization's infrastructure that, for some reason, security systems have not previously detected. The service consists of analyzing collected historical and current data to detect traces of malicious activity early and to limit the time a threat remains active in the organization (the so-called dwell time). Threat Hunting depends largely on the analyst's skills and knowledge of the current activity of criminal groups and of innovative attack techniques, knowledge that usually comes from the Threat Intelligence service we provide.
The Threat Hunting service is a joint effort between Cyber Arms analysts and the client's engineers. Our goal is not only to raise the level of security in the organization, but also to transfer knowledge in both directions. After the exercise is completed, the client's engineers can continue the work, which gives an incomparably better result than a one-off service.
Threat Hunting is a creative process, but it takes place within a set framework. It starts with forming an idea (hypothesis) based on knowledge (Threat Intelligence) and the analyst's observations. An investigation is then conducted with the available tools and data to disprove or confirm the hypothesis.
Threat Hunting assumes that the organization has an efficient security monitoring process covering many areas, because it is based on data collected in the SIEM. It is a fully independent service, but it works best alongside the SOC service we provide, which it complements perfectly.